Agenda Item: 7.6 Prepared by: Mark Majek, Kathy Thomas, Deborah Bell, Tamara Cowen and Jaye Stepp Meeting Date: October 2014

Transcription

1 Agenda Item: 7.6 Prepared by: Mark Majek, Kathy Thomas, Deborah Bell, Tamara Cowen and Jaye Stepp Meeting Date: October 2014 Summary of Request: The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter, consistent with the Definition of Internal Auditing, the Code of Ethics, and the Standards. The chief audit executive must periodically review the internal audit charter and present it to senior management and the board for approval. The internal audit charter is a formal document that establishes the internal audit activity's position within the organization; authorizes access to records, personnel, and physical properties relevant to any function under review; free and unrestricted access to the Board and the Audit Committee; and defines the scope of internal audit activities. Final approval of the internal audit charter resides with the Board. Historical Perspective: The Board last reviewed the Internal Audit Charter in October, Pros: The Board of Nursing will be in compliance with the Internal Auditing code of ethics and standards. Cons: None. Staff Recommendation: Board Action: Move to accept the internal audit charter as prepared by E. Jaye Stepp, CPA for fiscal year 2015.

2 TEXAS BOARD OF NURSING INTERNAL AUDIT CHARTER October 23, 2014 Prepared by: E. Jaye Stepp, CPA, CIA, CGAP, CRMA Internal Auditor for BON

3 INTRODUCTION The purpose, authority, and responsibility of the internal audit activity must be formally defined in an internal audit charter, consistent with the Definition of Internal Auditing, the Code of Ethics, and the Standards. The chief audit executive must periodically review the internal audit charter and present it to senior management and the board for approval. The internal audit charter is a formal document that establishes the internal audit activity's position within the organization; authorizes access to records, personnel, and physical properties relevant to any function under review; free and unrestricted access to the Board and the Audit Committee; and defines the scope of internal audit activities. Final approval of the internal audit charter resides with the Board. DEFINITION OF INTERNAL AUDITING Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. CHIEF AUDIT EXECUTIVE The Texas Board of Nursing (BON) contracts for internal audit services to meet the requirements of the Texas Internal Audit Act. The Board is responsible for the selection, appointment, removal, and performance evaluation of the Internal Auditor. The Texas Internal Audit Act requires that the internal auditor be either a Certified Public Accountant (CPA) or Certified Internal Auditor (CIA). The Institute of Internal Auditor s Professional Standards recommends that the Chief Audit Executive possess one or more of the following credentials: CPA, CIA, Certified Government Audit Professional (CGAP) or Certified Information Systems Auditor (CISA). In keeping with these guidelines, BON s contracted internal auditor serves as the agency s Chief Audit Executive. OBJECTIVES AND SCOPE OF WORK Assurance Objectives The objectives of assurance services are to provide formal, independent assurance to management and the Audit Committee that the organization s assets are safeguarded, that operating efficiency is enhanced, and that compliance is maintained with prescribed laws, and management and Board policies. The assurance services objectives also include independent assessment of the organization s risk awareness and management, reliability and integrity of the organization s data, and achievement of the organization s goals and objectives. 1

4 Consulting Objectives The objectives of consulting services are to provide management with assessments and advice for improving processes that will advance the goals and objectives of the organization. No assurance is provided. The objectives of consulting services are to provide formal assessments and advice on the front-end of projects so that risks may be managed and internal controls may be designed at the beginning of a project. Typically, the objectives and the scope of the projects are agreed to by management. Scope The scope of work of the internal auditing activity is to determine whether the organization s framework of risk management, control, and governance processes, as designed and represented by management, is adequate and functioning in a manner to ensure: Risks are appropriately identified and managed. Risk and control information is effectively communicated throughout the organization. Interaction with the various governance groups occurs as needed. Significant financial, managerial, and operating information is accurate, reliable, and timely. Employee actions are in compliance with policies, standards, procedures, and applicable laws and regulations. Resources are acquired economically, used efficiently, and adequately protected. Programs, plans, and objectives are monitored and achieved in line with the organization s mission. Quality and continuous improvement are fostered in the organization s control process. Significant legislative or regulatory issues impacting the organization are recognized and addressed appropriately. Internal controls are in place and are functioning effectively to accomplish business objectives. Information technology controls including systems security controls are in place and are functioning effectively. Specific operations, processes and programs are reviewed at the request of management or the Audit Committee. During the performance of audit work, recommendations for improvement in risk management, control, and governance processes may be identified. This information will be communicated to the appropriate level of management and the Board s designated Internal Audit liaison. 2

5 AUTHORITY The chief audit executive, or contract internal auditor, and staff of the internal auditing activity are authorized to: Have unrestricted access to all agency divisions, departments, personnel, activities, confidential and non-confidential data and records, information systems, physical property, and contractors relevant to the performance of engagements, subject to applicable state and federal laws. Have access to contractor records and files in line with contract terms and specifically the right to audit section. Have full and free access to the designated Board-Audit liaison and the executive director. Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish assurance and consulting objectives. Obtain the necessary assistance of agency personnel in units of the organization where audits are performed, as well as other specialized services from within or outside the organization. Obtain timely reports from management on actions proposed and taken pertaining to audit recommendations. The chief audit executive and staff of the internal auditing activity are not authorized to: Perform any operational duties for the organization, its sub-grantees or contractors. Compliance duties are not considered operational duties. Initiate or approve accounting transactions external to the internal auditing activity. Direct the activities of any organization employee external to the internal auditing activity, except to the extent such employees have been appropriately assigned to auditing teams or to otherwise assist the internal auditors. INDEPENDENCE AND OBJECTIVITY To provide for the independence of the internal audit activity, the internal auditor reports functionally to the Board and administratively to the executive director or her designee in a manner outlined in the section on Accountability. 3

6 RESPONSIBILITIES AND ACCOUNTABILILTY Responsibilities The chief audit executive and staff of the internal auditing activity have responsibility to: Develop a flexible annual audit plan using an appropriate risk-based methodology, considering any risks or control concerns identified by management, and submit that plan to the Board for review and approval as well as provide periodic updates. Implement the approved audit plan including appropriate plan amendments and special tasks or projects requested by management and the Board. Assess the adequacy and effectiveness of the organization s processes for controlling its activities and managing its risks in the areas set forth under the mission and scope of work. Maintain a professional audit staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Charter. Evaluate and assess significant new or changing functions, services, processes, operations, and internal controls concurrent with their development, implementation, and/or expansion. Issue periodic reports to the audit committee and management summarizing results of audit activities, including monitoring the implementation of previous audit recommendations. Keep management and the Board informed of emerging trends and successful practices in risk management, control, and governance. Assist in the deterrence of fraud by examining and evaluating the adequacy and the effectiveness of the system of internal controls. Report immediately any known incident of significant fraud to executive management, the Board-Audit liaison, the Board, and the State Auditor s Office. Assist in the investigation of significant suspected fraudulent activities within the organization and notify management and the Board of the results. Consider the scope of work of the external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage to the organization at a reasonable overall cost. Maintain an effective quality assurance program to include training, internal reviews, and external reviews. Prepare an annual report and submit the report before November 1 st of each year to the Governor s Office, the Legislative Budget Board, the Sunset Advisory Commission, the State Auditor s Office, the agency s governing board, and the agency s administrator. The form and content of the report will be determined by the State Auditor. 4

7 Accountability The chief audit executive, in the discharge of his/her duties, shall be accountable to the Board and the executive director to: Provide an assessment on the adequacy and effectiveness of the organization s processes for controlling its activities and managing its risks in the areas set forth in the current year s annual audit plan. Report significant issues related to the processes for controlling the activities of BON, its sub-grantees and contractors, including potential improvement to those processes, and provide information concerning such issues through resolution. Periodically provide information on the status and results of the annual audit plan and the sufficiency of internal audit resources. Coordinate with and provide oversight of other control and monitoring functions (risk management, compliance, security, legal, ethics, environmental, external audit). STANDARDS OF AUDIT PRACTICE The internal auditing activity shall be governed by adherence to the following standards: Texas Government Code, Chapter 2102 (Texas Internal Auditing Act) International Standards for the Professional Practice of Internal Auditing and the Code of Ethics of the Institute of Internal Auditors. Government Auditing Standards of the United States Government Accountability Office. SIGNATURE SECTION The Internal Audit Charter was adopted by the Texas Board of Nursing on this day of October, Katherine A. Thomas, MN, RN, FAAN Executive Director Kathy Shipp, MSN, RN, FNP Board President Jaye Stepp, CPA, CIA, CGAP, CRMA Contracted Internal Auditor for TBON 5